ACM Transactions on Software Engineering and Methodology

Special issue on Software Engineering and Security

Software system security issues are no longer only of primary concern to military, government or infrastructure systems. Every palmtop, desktop and TV set-top box contains or will soon contain networked software. This software must preserve desired security properties (authenticity, privacy, integrity) of activities ranging from electronic commerce, electronic messaging, and browsing. From being a peripheral concern of a limited and specialized group of engineers, security has become a central concern for a wide range of software professionals. In addition, software is no longer a monolithic shrink-wrapped product created by a single development organization with a well-defined software process. Instead, it is composed of components constructed by many different vendors following different practices. Indeed, software may even contain elements that arrive and are linked in just prior to execution. Customers need assurance that constituent components and mobile code have certain desirable properties; this need conflicts with the need for vendors to protect their proprietary information. The issue of providing assurance without full disclosure has been studied in security research, and needs to be applied to this problem.

To provide a focus for these and other interactions between security and software engineering, ACM TOSEM will bring out a special issue dedicated to the intersection of concerns between the two fields.

We solicit submissions that address the following issues and sub-areas:

How can security be used to address problems in distributed software development? How does one build trust and control in the distributed enactment of software processes while protecting intellectual property?

Trust in software process; Trust in software tools; Trusted (distributed) configuration management.

Can conventional, standard software engineering techniques be used to achieve verifiably higher levels of security in heterogeneous, distributed systems? What new software engineering techniques are needed?

Formal Verified implementations of security protocols; Traceability of correctness into implementation; Testing of security protocols; Specification of Secure Systems; Domain specific languages for Secure systems; Static/Dynamic Analysis for System Security; Security Testing (property-based, coverage-based, etc.); Configuring trusted systems; Evolving Legacy Systems for greater security.

Intellectual Property Protection: can security techniques be used to protect the valuable investments in software?

Reverse engineering counter measures; Software watermarking and copy protection; Combination Software and Hardware-based techniques.

Papers Due:June 1, 1999, 1200 GMT (Extended from the original date of April 1, 1999.)
Notification of Acceptance: October 1, 1999
Guest Editors: Premkumar Devanbu (devanbu@cs.ucdavis.edu, UC Davis) and Stuart Stubblebine, (stubblebine@cs.columbia.edu , CertCo )
For More Information: http://www.cs.columbia.edu/~stu/tosem.html (Note. New URL!)

Paper Submission Instructions: Please send a PostScript version of your paper to either of the Guest Editors by June 1st. Please insure that the paper is viewable using Ghostscript. The papers should not exceed 11,000 words (about 25 pages). Please provide contact information including each author's email address and phone number.

[ HOME ]